Guide to networking sidecar ingress containers for Cloudflare Argo, WireGuard, Tailscale, Let's Encrypt, Caddy, and SOCKS/SSH tunnel containers in Docker Compose

Example networking sidecar ingress containers for Cloudflare Argo, WireGuard, Tailscale, Let's Encrypt, Caddy, and SOCKS/SSH tunnel containers in Docker Compose.

Goes well with these docker-compose database container examples:

Guide to database container setups for PostgreSQL, MariaDB, Redis, Memcached, MongoDB, Neo4j, Hasura GraphQL, CockroachDB, and TiDB in Docker Compose

# Compose file format 2.x. The service-level `cpus` and `mem_limit` keys used
# throughout this file are 2.x keys.
version: '2.4'

services:
    demo:
        # Application container. The tailscale, wireguard, argo and ssh
        # services in this file use `network_mode: 'service:demo'`, i.e. they
        # join this container's network namespace instead of getting their own.
        # NOTE(review): the tailscale and wireguard sidecars hold NET_ADMIN
        # inside that shared namespace, so they can change the interfaces and
        # routes this container sees; presumably only the sidecar(s) actually
        # needed are meant to be enabled together - confirm.
        hostname: demo
        # NOTE(review): `nginx:alpine` is a floating tag; pin a version tag or
        # digest for whatever image replaces it.
        image: nginx:alpine                               # Your image goes here
        # `expose` only documents the port for other containers; it does not
        # publish anything on the host.
        expose:
            - 80
        # Resource caps and restart policy, repeated on most services here.
        cpus: 2
        mem_limit: 4096m
        restart: on-failure

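    tailscale:
        # Tailscale sidecar: runs tailscaled inside demo's network namespace.
        # https://rnorth.org/tailscale-docker/
        # $ docker-compose up
        # $ docker-compose exec tailscale tailscale up
        #    To authenticate, visit: https://login.tailscale.com/a/SOME_HEX_CODE
        image: tailscale:1.76.1
        # Built from the upstream repository at tag v1.76.1.
        # NOTE(review): a git tag can be moved; use a commit SHA as the build
        # ref if the build has to be reproducible.
        build: https://github.com/tailscale/tailscale.git#v1.76.1
        command: tailscaled
        cap_add:
            # Needed to create and configure the tunnel interface.
            - NET_ADMIN
            # - SYS_MODULE             # usually not needed, depends on host OS
        network_mode: 'service:demo'
        # No `ports:` here. Docker rejects published ports on a container that
        # joins another container's network namespace ("conflicting options"),
        # so the former `41641:41641/udp` mapping made this service fail to
        # start. If direct connections need that UDP port, publish it on the
        # `demo` service, which owns the namespace.
        volumes:
            - /dev/net/tun:/dev/net/tun
            # tailscaled state directory. It holds this node's keys: keep
            # ./data/tailscale out of version control and readable by root only.
            - ./data/tailscale:/var/lib/tailscale
        cpus: 2
        mem_limit: 4096m
        restart: on-failure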

    wireguard:
        # WireGuard sidecar running inside demo's network namespace.
        # https://hub.docker.com/r/linuxserver/wireguard
        # NOTE(review): no tag is given, so this resolves to `latest`; pin a
        # tag or digest and confirm the config path that release expects.
        image: linuxserver/wireguard
        sysctls:
            - net.ipv4.conf.all.src_valid_mark=1
        cap_add:
            # Needed to create and configure the wg interface and routes.
            - NET_ADMIN
            # NOTE(review): SYS_MODULE allows loading kernel modules on the
            # host. It is presumably only required when the host does not
            # already provide the wireguard module - confirm and drop it if so.
            - SYS_MODULE
        network_mode: 'service:demo'
        volumes:
            # wg0.conf contains the interface private key: keep it out of
            # version control and restrict its permissions on the host.
            - ./etc/wireguard/wg0.conf:/config/wg0.conf
        cpus: 2
        mem_limit: 4096m
        restart: on-failure

    argo:
        # Cloudflare tunnel sidecar: exposes http://demo:80 as
        # demo.hhf.technology without publishing any host port.
        # https://hub.docker.com/r/cloudflare/cloudflared
        # NOTE(review): no tag is given and --no-autoupdate is set, so the
        # running version is whatever `latest` was at pull time; pin a tag or
        # digest. The --hostname plus cert.pem form looks like the older
        # tunnel style - confirm the pinned release still supports it.
        image: cloudflare/cloudflared
        command: tunnel --no-autoupdate --retries 8 --hostname demo.hhf.technology http://demo:80
        network_mode: 'service:demo'
        depends_on:
            - demo
        volumes:
            # Get this cert from https://www.cloudflare.com/a/warp
            # cert.pem is an account credential: keep it out of version
            # control. It is mounted read-only (`:ro`).
            - ./data/argo/cert.pem:/etc/cloudflared/cert.pem:ro
        cpus: 2
        mem_limit: 4096m
        restart: on-failure

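    letsencrypt:
        # Certificate loop: requests or renews a certificate through the
        # Cloudflare DNS challenge, then sleeps 12 hours (43200 s) and repeats.
        # https://github.com/wmnnd/nginx-certbot
        #
        # The loop is shell syntax, so it has to run under a shell. A plain
        # string entrypoint is split into words and executed directly, which
        # tries to exec `while` and fails; hence the explicit `/bin/sh -c`.
        #
        # First issuance also needs ACME account registration, e.g. adding
        # `--agree-tos --email <ADDRESS_PLACEHOLDER>` to the certbot call.
        #
        # NOTE(review): the domain below is demo.zervice.io while the other
        # services use demo.hhf.technology - confirm which one is intended.
        image: certbot/dns-cloudflare
        entrypoint:
            - /bin/sh
            - '-c'
            - |
                while true; do
                    certbot certonly \
                        --non-interactive \
                        --keep-until-expiring \
                        --dns-cloudflare \
                        --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini \
                        --domains demo.zervice.io
                    sleep 43200
                done
        volumes:
            # Holds cloudflare.ini (the DNS API credential) and the issued
            # private keys: keep ./etc/letsencrypt out of version control and
            # make cloudflare.ini readable by its owner only (mode 0600).
            - ./etc/letsencrypt:/etc/letsencrypt
        cpus: 2
        mem_limit: 4096m
        restart: on-failure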

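    caddy:
        # Public reverse proxy: serves demo.hhf.technology on host ports 80
        # and 443 and forwards to demo:80. This service has no `network_mode`,
        # so it reaches demo by name over the default Compose network.
        # https://hub.docker.com/_/caddy
        image: caddy:2.8.4-alpine
        command: caddy reverse-proxy --from demo.hhf.technology --to demo:80
        ports:
            - '80:80'
            - '443:443'
        volumes:
            # Persist Caddy's data directory (certificates, private keys, ACME
            # account). Without it a recreated container requests fresh
            # certificates and can run into CA rate limits. Keep ./data/caddy
            # out of version control.
            - ./data/caddy:/data
        cpus: 2
        mem_limit: 4096m
        restart: on-failure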

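    cloudflare:
        # Presumably a dynamic-DNS updater that keeps the demo.hhf.technology
        # record pointed at this host (inferred from the image name and the
        # variables below - confirm against the image's documentation).
        # NOTE(review): `:latest` is a floating tag; pin a tag or digest.
        image: oznu/cloudflare-ddns:latest
        environment:
            # The credential is read from the environment (shell or an
            # untracked .env file) instead of being written into this file.
            # CLOUDFLARE_API_KEY is a variable name chosen for this example.
            # Prefer a token scoped to DNS edits on this one zone if the image
            # accepts one.
            - API_KEY=${CLOUDFLARE_API_KEY}
            - ZONE=hhf.technology
            - SUBDOMAIN=demo
            - PROXIED=true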

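    ssh:
        # Reverse SSH tunnel: asks the sshd at demo.hhf.technology (port 44)
        # to listen on 0.0.0.0:80 and forward connections back to demo:80.
        # https://hub.docker.com/r/linuxserver/openssh-server
        #
        # ExitOnForwardFailure makes ssh exit when the remote listener cannot
        # be set up instead of idling without a tunnel; the ServerAlive
        # options detect a dead connection. With `restart: on-failure` the
        # tunnel is then re-established.
        #
        # Host key: put the server's key in ./data/keys/known_hosts so ssh can
        # verify it non-interactively; do not turn off StrictHostKeyChecking.
        #
        # NOTE(review): this logs in as root and binds all interfaces on the
        # remote side. Consider a dedicated account restricted to port
        # forwarding if the remote setup allows it, and pin the image tag.
        image: linuxserver/openssh-server
        command: >-
            ssh -N -T
            -o ExitOnForwardFailure=yes
            -o ServerAliveInterval=30
            -o ServerAliveCountMax=3
            -R 0.0.0.0:80:demo:80
            -p 44 root@demo.hhf.technology
        network_mode: 'service:demo'
        volumes:
            # Contains the private key used for the login: keep ./data/keys
            # out of version control, key files readable by owner only.
            - ./data/keys:/root/.ssh
        restart: on-failure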